Systems and methods for claims processing via mobile device

ABSTRACT

A method, system and computer-usable medium are disclosed for the processing of information collected by a mobile device at the site of an incident. An incident information processing system, comprising an incident location information module, receives incident information provided in a communication originated from a mobile device. The received incident information is processed by the incident location information module to provide location information, which is then used to provide incident response services. Image and audio information relating to the incident are likewise provided by the mobile device for processing into incident information. Incident statement questions are generated by the incident information processing system and are then presented via the mobile device for response by various parties associated with the incident. Responses to the questions are collected via the mobile device, processed into incident statements, and stored in the incident information and claims repository.

CROSS REFERENCE TO RELATED APPLICATIONS

U.S. patent application Ser. No. 12/180,119, entitled “Systems andMethods for claims Processing via Mobile Device,” filed on Jul. 25,2008, describes exemplary methods and systems and is incorporated byreference in its entirety.

U.S. patent application Ser. No. 12/180,196, entitled “Systems andMethods for claims Processing via Mobile Device,” filed on Jul. 25,2008, describes exemplary methods and systems and is incorporated byreference in its entirety.

BACKGROUND Field of the Disclosure

Embodiments of the disclosure relate in general to the field ofcomputers and similar technologies, and in particular to softwareutilized in this field. Still more particularly, it provides a system,method, and computer-usable medium for the processing of informationcollected by a mobile device at the site of an incident.

Description of the Related Art

Being involved in an accident of any kind can be traumatic, withreactions ranging from poor concentration, nervousness, anxiety,irritability, to agitation, or even being in a state of shock. As aresult, the scene of an accident can be confusing to all involved. Insome cases, it is even difficult to determine the actual location of theaccident. The inability to determine the location of an accident can notonly hamper first responder efforts, such as emergency medical services,but it can also introduce delays in the provision of other incidentresponse services, such as providing wrecker service or rental vehicles.

In addition, recalling what was seen and said, by who, in what context,can prove problematic under the best of circumstances, much less thescene of an accident. Witnesses' memories fade as time passes, and thedetails of the accident become vague. In some cases, a witness may evenbegin to rationalize what they believe they may or may not havewitnessed. Each accident scene investigator has their own priorities,which are reflected in the manner, and context, of their documentation.All too often, insurance claims investigators and adjusters review thescene well after the fact and much of the evidence related to theaccident is no longer available. In other cases, witnesses can no longerbe located and the possibility of obtaining a statement of any kind islost. As a result, not only is the responsiveness and effectiveness ofincident response services hampered, but the comprehensiveness, accuracyand timeliness of insurance claim settlements as well.

The use of mobile communication devices has become pervasive in recentyears, and while their features and functionality continue to grow, theyhave also become simpler to use. In fact, it has now become commonplacefor even unsophisticated mobile phone users to use their camera phonesto capture events and send them to a recipient. Mobile device usersinvolved in an accident are no exception and it is not unusual formultiple parties to document the site and details of the incident.However, transferring the incident information collected by these mobiledevices to the insurer is more problematic. In some cases, an insured orclaimant can provide incident information related to an accident as partof an on-line claims process. In other cases, the incident informationcan be attached to an email. More likely, the incident information isproduced in a physical format and provided manually, or worse, not atall. In view of the foregoing, there is a need for the user of a mobiledevice to submit location, image, audio, and other related informationfrom the scene of an accident to improve the responsiveness of incidentresponse services and the accuracy and timeliness of insurance claimsettlements.

BRIEF SUMMARY

A method, system, and computer-usable medium are disclosed forprocessing of information collected by a mobile device at the site of anincident. In various embodiments, an incident information processingsystem, comprising an incident information module, is implemented toprocess information relating to an incident. The incident information isprovided by an insured or other parties using one or more mobiledevices. In these and other embodiments, the incident information isconveyed directly or indirectly from the mobile devices to the incidentinformation processing system through one or more network connections.In one embodiment, the conveyed incident information is stored in anincident information and claims repository, where it is used to processclaims against one or more insurance policies providing coverage for aninsured associated with an incident.

Once identified, user and policy information relating to the insured isretrieved from the user and policy information repository and is used toprovide incident response services. In one embodiment, insurance policyinformation related to the insured's coverage is retrieved from the userand policy information repository and used by the incident informationprocessing system to determine the insured's coverage when fulfillingrequested incident response services. In another embodiment, theinsured's financial account information is stored in the user and policyinformation repository and is operable to be used by the incidentinformation processing system on behalf of the insured to fulfillrequested incident response services.

In various embodiments, the mobile device is operable to collectstatements from an insured and other parties associated with anincident. In one embodiment, the incident information processing systemgenerates a first set of statement questions, based on existing incidentinformation, for the insured. In another embodiment, the first set ofquestions is presented to another party associated with incident. Invarious embodiments the status of the other party may be an insured, awitness, a claimant, or a responder to the incident. In yet anotherembodiment, a second set of statement questions is generated for theother party, based on existing incident information. In still anotherembodiment, a third set of questions, based on the status of the otherparty and the responses to the first set of questions by the insured, ispresented to the other party. In another embodiment, a fourth set ofquestions, based on the status of the other party and the responses tothe first set of questions by the other party, is presented to the otherparty. In these and other embodiments, the responses to the first,second, third, and fourth sets of questions are associated with anincident report and stored in the incident information and claimsrepository.

BRIEF DESCRIPTION OF THE DRAWINGS

Selected embodiments of the disclosure may be understood, and itsnumerous objects and features obtained, when the following detaileddescription is considered in conjunction with the following drawings, inwhich:

FIG. 1 depicts an exemplary client information processing system (IPS)in which embodiments of the disclosure may be implemented;

FIG. 2 is a simplified block diagram of an incident informationprocessing system as implemented in accordance with an embodiment of thedisclosure;

FIGS. 3a-e are a generalized flowchart of the operation of an incidentinformation processing system as implemented with a mobile device todetermine the location of an incident;

FIGS. 4a-c are a generalized flowchart of the operation of an incidentinformation processing system as implemented with a mobile device toprovide a response to an incident;

FIGS. 5a-b are a generalized flowchart of the operation of an incidentinformation processing system as implemented with a mobile device tocollect incident information; and

FIGS. 6a-d are a generalized flowchart of the operation of an incidentinformation processing system as implemented with a mobile device tocollect statements.

DETAILED DESCRIPTION

A method, system and computer-usable medium are disclosed for thecollecting and processing of information at the site of an incident by amobile device. As will be appreciated by one skilled in the art, thedisclosure may be embodied as a method, system, or computer programproduct. Accordingly, various embodiments may be implemented entirely inhardware, entirely in software (including firmware, resident software,micro-code, etc.) or in an embodiment combining software and hardware.These various embodiments may all generally be referred to herein as a“circuit,” “module,” or “system.”

For purposes of this disclosure, an information processing system mayinclude any instrumentality or aggregate of instrumentalities operableto compute, classify, process, transmit, receive, retrieve, originate,switch, store, display, manifest, detect, record, reproduce, handle, orutilize any form of information, intelligence, or data for business,scientific, control, or other purposes. For example, an informationprocessing system may be a personal computer, a personal digitalassistant (PDA), a wirelessly-enabled mobile telephone, a server, anetwork storage device, or any other suitable device and may vary insize, shape, performance, functionality, and price. The informationprocessing system may include random access memory (RAM), one or moreprocessing resources such as a central processing unit (CPU) or hardwareor software control logic, read only memory (ROM), and/or other types ofnonvolatile memory. Additional components of the information processingsystem may include one or more disk drives, one or more network portsfor communicating with external devices, as well as various input andoutput (I/O) devices, such as a keyboard, a mouse, and a video display.The information processing system may also include one or more busesoperable to transmit communications between the various hardwarecomponents.

Additionally, various embodiments may take the form of a computerprogram product on a computer-usable storage medium havingcomputer-usable program code embodied in the medium. Any suitablecomputer usable or computer readable medium may be utilized. Thecomputer-usable or computer-readable medium may be, for example, but notlimited to, an electronic, magnetic, optical, electromagnetic, infrared,or semiconductor system, apparatus, device, or propagation medium. Anon-exhaustive list of more specific examples of the computer-readablemedium would include the following: an electrical connection having oneor more wires, an optical fiber, a transmission media such as thosesupporting the Internet or an intranet, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a magnetic storage device, a portable computerdiskette, a hard disk, an optical storage device, a portable compactdisc read-only memory (CD-ROM), or a digital versatile disk (DVD). Notethat the computer-usable or computer-readable medium could even be paperor another suitable medium upon which the program is printed, as theprogram can be electronically captured, via, for instance, opticalscanning of the paper or other medium, then compiled, interpreted, orotherwise processed in a suitable manner and then stored in a computermemory. In the context of this document, a computer-usable orcomputer-readable medium may be any medium that can contain, store,communicate, propagate, or transport the program for use by or inconnection with the instruction execution system, apparatus, or device.The computer-usable medium may include a propagated data signal with thecomputer-usable program code embodied therein, either in baseband or aspart of a carrier wave. The computer usable program code may betransmitted using any appropriate medium, including but not limited tothe Internet, wireline, optical fiber cable, wireless, radio frequency(RF), etc.

Computer program code for carrying out operations in various embodimentsmay be written in an object oriented programming language such as Java,Smalltalk, C++ or the like. However, the computer program code forcarrying out operations in various embodiments may also be written inconventional procedural programming languages, such as the “C”programming language or similar programming languages. The program codemay execute entirely on the user's computer, partly on the user'scomputer, as a stand-alone software package, partly on the user'scomputer and partly on a remote computer or entirely on the remotecomputer or server. In the latter scenario, the remote computer may beconnected to the user's computer through a local area network (LAN), awide area network (WAN), a wireless local area network (WLAN), awireless wide area network (WWAN), a or personal area network (PAN). Inaddition, the connection may be made to an external computer (forexample, through the Internet using an Internet Service Provider) usingany combination of telecommunication technologies and protocols operableto establish a network connection for the exchange of information.

Embodiments of the disclosure are described below with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems) and computer program products. It will be understood that eachblock of the flowchart illustrations and/or block diagrams, andcombinations of blocks in the flowchart illustrations and/or blockdiagrams, can be implemented by computer program instructions. Thesecomputer program instructions may be provided to a processor of ageneral purpose computer, special purpose computer, or otherprogrammable data processing apparatus to produce a machine, such thatthe instructions, which execute via the processor of the computer orother programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks.

These computer program instructions may also be stored in acomputer-readable memory that can direct a computer, informationprocessing system, or other programmable data processing apparatus, tofunction in a particular manner such that the instructions stored in thecomputer-readable memory produce an article of manufacture includinginstruction means which implement the function/act specified in theflowchart and/or block diagram block or blocks. The computer programinstructions may also be loaded onto a computer or other programmabledata processing apparatus to cause a series of operational steps to beperformed on the computer or other programmable apparatus to produce acomputer implemented process such that the instructions which execute onthe computer or other programmable apparatus provide steps forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks.

FIG. 1 is a generalized block diagram of an exemplary client informationprocessing system (IPS) 100 in which various embodiments of thedisclosure can be implemented. Client IPS 100 includes a processor unit102 that is coupled to one or more buses 134. A display controller 112,which controls a display 114, is also coupled to or more buses 134,along with peripheral controller 108, which controls one or moreperipheral devices 110. An input/output (I/O) controller 116 affordscommunication with various I/O devices, including a keyboard 118, amouse 120, a floppy disk drive 122, a Compact Disk-Read Only Memory(CD-ROM) drive 124, a flash drive memory 126, and one or more I/O ports128. The format of the ports connected to the I/O controller 116 may beany known to those skilled in the art of computer architecture,including but not limited to Universal Serial Bus (USB) ports.

Client IPS 100 is able to communicate with a service provider server 164via a network 162 using a communications controller 130, which iscoupled to one or more buses 134. Network 162 may be the public switchedtelephone network (PSTN), an external network such as the publicInternet, an internal network such as an Ethernet-based local areanetwork (LAN), a Virtual Private Network (VPN) such as a corporateintranet, or any combination of telecommunication technologies andprotocols operable to establish a network connection for the exchange ofinformation. Using network 162, client IPS 100 is able to access serviceprovider server 164.

A storage controller 104 is also coupled to one or more buses 134.Storage controller 104 interfaces with storage disk or drive 106, whichmay comprise a magnetic storage device such as a hard disk or tapedrive. In various embodiments, storage disk or drive 106 populates asystem memory 136, which is also coupled to one or more buses 134. Datathat populates system memory 136 includes the client IPS 100 operatingsystem (OS) 138 and software programs 144.

OS 138 includes a shell 140 for providing transparent user access toresources such as software programs 144. Generally, shell 140 is aprogram that provides an interpreter and an interface between the userand the operating system. More specifically, shell 140 executes commandsthat are entered into a command line user interface or from a file.Thus, shell 140 (as it is called in UNIX®), also called a commandprocessor in Windows®, is generally the highest level of the operatingsystem software hierarchy and serves as a command interpreter. The shellprovides a system prompt, interprets commands entered by keyboard,mouse, or other user input media, and sends the interpreted command(s)to the appropriate lower levels of the operating system (e.g., a kernel142) for processing. While shell 140 generally is a text-based,line-oriented user interface, various embodiments may also support otheruser interface modes, such as graphical, voice, gestural, etc. Asdepicted, OS 138 also includes kernel 142, which includes lower levelsof functionality for OS 138, including services used by other parts ofOS 138 and software programs 144, including memory management, processand task management, disk management, and mouse and keyboard management.

Software programs 144 may include a communications stack 146, browser156, email client 158, and other programs 160. The communications stack146 is operable to implement any communication protocol enabling variousembodiments of the disclosure. Browser 156 includes program modules andinstructions enabling a World Wide Web (WWW) client (i.e., IPS 100) tosend and receive network messages to the Internet using HyperTextTransfer Protocol (HTTP) messaging, thus enabling communication withservice provider server 164. Software programs 144 also include aconsolidated purchase, payment, and billing system 148. The incidentinformation processing module 148 includes code for implementing theprocesses described in FIGS. 2-6 described hereinbelow. In variousembodiments, the incident information processing module 148 furthercomprises an incident location information module 150. In oneembodiment, client IPS 100 is able to download consolidated purchase,payment, and billing system 148 from a service provider server 164.

The hardware elements depicted in client IPS 100 are not intended to beexhaustive, but rather are representative to highlight components usedin the disclosed systems and methods. For instance, client IPS 100 mayinclude alternate memory storage devices such as magnetic cassettes,Digital Versatile Disks (DVDs), Bernoulli cartridges, and the like.These and other variations are intended to be within the spirit andscope of the disclosure.

FIG. 2 is a simplified block diagram of an incident informationprocessing system as implemented in accordance with embodiments of thedisclosure.

In various embodiments, an incident information processing system 248,comprising incident information module 150, is implemented to processinformation relating to an incident 208. The incident information isprovided by an insured 210, or other parties such as witnesses 214,using one or more mobile devices 212. In these and other embodiments,the incident information is conveyed directly from the mobile devices212 to the incident information processing system 248, through one ormore connections through a network, such as wireless network 262 orphysical network 162. In another embodiment the incident information isconveyed indirectly from the mobile devices 212 to the incidentinformation processing system 248 through an intermediary device 220,such as a stationary computer with a connection to physical network 162.In various embodiments, the conveyed incident information is received bythe incident information processing system 248 and stored in theincident information and claims repository 204. In one embodiment, theclaims processing system 206 uses the conveyed incident informationstored in the incident information and claims repository 204 to processclaims against one or more insurance policies providing coverage for theinsured 208.

In one embodiment, a communication originated by insured 210 is receivedby the incident information processing system 248 from a mobile device212. In various embodiments, the communication may be in the form of avoice call, an instant message, or an electronic mail (email) message.In one embodiment, mobile device 212 comprises a GPS system operable toreceive GPS signals from GPS satellite 216. Using the GPS system, themobile device 202, directly or indirectly with the assistance of insured210, can provide GPS information to the incident information processingsystem 248. The incident location information module 150 can thenprocess the GPS information to provide location information relating toincident 208 to the incident information processing system 248. Inanother embodiment, information relating to cell tower 218 is conveyedby the mobile device 212 to the incident information processing system248. The cell tower information is then processed by the incidentlocation information module 150 to provide location information relatingto incident 208.

In various embodiments, insured 210 is automatically identified when oneor more mobile devices 212 are used when communicating the incidentinformation processing system. In one embodiment, the insured 210 isidentified by the mobile identification number (MIN) associated with amobile device 212. In another embodiment the insured 210 is identifiedby the email address used to originate the communication with theincident information processing system. In yet another embodiment, theinsured 210 is identified by the instant messaging (IM) address used tooriginate the communication with the incident information processingsystem. Once identified, user and policy information relating to insured210 is retrieved from the user and policy information repository 202.

In various embodiments, the user and policy information relating toinsured 210 is used to provide incident response services to the insured210. As an example, incident response services may include emergencyservices 222, wrecker services 224, rental car 226, or lodging 228. Itwill be appreciated that many other such incident response services maybe provided by the incident information processing system, which usesthe location information received from the mobile devices in thefulfillment of these services. In one embodiment, insurance policyinformation related to the insured's 210 coverage is stored in the userand policy information repository 202. This information is retrieved andused by the incident information processing system to determine theinsured's 210 coverage when fulfilling requested incident responseservices. In another embodiment, the insured's financial accountinformation 230 is stored as user information in the user and policyinformation repository 202. In one embodiment, the incident informationprocessing system 248 is operable to use the stored financial accountinformation 230 on behalf of insured 210 to fulfill requested incidentresponse services not fully covered by the insured's 210 insurancepolicies.

In various embodiments, the mobile device 212 is operable to be used toreceive statements from various parties, such as the insured 210 andwitnesses 214, associated with the incident 208. In one embodiment, theincident information processing system 248 generates a first set ofquestions, based on existing incident information, for the insured 210.In another embodiment, the first set of questions is presented to theother party associated with incident 208. In various embodiments thestatus of the other party may be an insured 210, a witness 214, aclaimant, or a responder to the incident. In yet another embodiment, asecond set of questions is generated for the other party, based onexisting incident information. In still another embodiment, a third setof questions, based on the status of the other party and the responsesto the first set of questions by the insured 210, is presented to theother party associated with incident 208. In another embodiment, afourth set of questions, based on the status of the other party and theresponses to the first set of questions by the other party, is presentedto the other party associated with incident 208. In these and otherembodiments, the responses to the first, second, third, and fourth setsof questions are associated with an incident report and stored in theincident information and claims repository 204.

FIGS. 3a-e are a generalized flowchart of the operation of an incidentinformation processing system as implemented with a mobile device in oneembodiment to determine the location of an incident. In this embodiment,incident location determination operations are begun in block 302,followed by the receipt of a communication from a mobile device user inblock 304. In block 306, a determination is made whether thecommunication is in the form of a voice call, an instant message, or anelectronic mail (email) message. If it is determined in block 306 thatthe communication is in the form of a voice call, then the mobileidentification number (MIN) or the mobile device originating the voicecall is captured in block 308. Those of skill in the art will befamiliar with an MIN, which is the wireless equivalent of an automaticnumber identification (ANI) used in wireline calls for identifying theoriginating wireline number of a voice call. As such, it provides thephone number typically associated with a mobile device that is operableto initiate a wireless communications session.

In block 314, a look-up of the MIN is performed within a user and policyinformation repository. As used herein, the user and policy informationrepository is typically implemented as a physical, distributed,logically unified, or federated database of user and insurance policyinformation. In various embodiments, users are insured individuals(insureds) whose coverage is provided by associated policies. Theassociations between the users, or insureds, and their respectiveinsurance policies are maintained, directly or indirectly, by the userand policy information repository. In various embodiments, the user andpolicy information repository may also contain other information, suchas financial account and personal profile information associated withthe users. As an example, personal profile information may includewireline and wireless phone numbers, or MINs and ANIs, respectively,that are associated with a user. In one embodiment, the MIN or ANIassociated with a user is implemented as an index to link a user totheir associated insurance policies. Accordingly, a determination ismade in block 312 whether the MIN captured in block 308 is present inthe user and policy information repository. If so, then user andinsurance policy information indexed to the MIN is retrieved in block314.

However, if it is determined in block 306 that the communicationreceived from the mobile device is an email, then the email address thatoriginated the mobile device communication is captured in block 316. Alook-up operation is then performed in block 318 against the user andpolicy information repository to search for the email address. Adetermination is then made in block 320 whether the email address ispresent, or used as an index to a user's insurance policy information,in the user and policy information repository. If so, then user andinsurance policy information associated with, or indexed to, the emailaddress is retrieved in block 322.

However, if it is determined in block 306 that the communicationreceived from the mobile device is an instant message (IM), then the IMaddress that originated the mobile device communication is captured inblock 324. A look-up operation is then performed in block 326 againstthe user and policy information repository to search for the IM address.A determination is then made in block 328 whether the IM address ispresent, or used as an index to a user's insurance policy information,in the user and policy information repository. If so, then user andinsurance policy information associated with, or indexed to, the emailaddress is retrieved in block 330.

However, if it is respectively determined in blocks 312, 320, and 328that the MIN, email address, or IM address are not present in the userand policy information repository, then other identification informationis requested from the mobile device user in block 332. Once provided,user and insurance policy information associated with the other providedidentification information is retrieved from the user and policyinformation repository in block 334. Once the associated user andinsurance policy information has been retrieved from the user and policyinformation repository in blocks 314, 322, 330 or 334, the identity ofthe mobile device user is confirmed in block 336. For example, the usermay be asked to provide their date of birth, their Social SecurityNumber, or other unique information that only they would typically know.

Once their identity is confirmed, a determination is made in block 338whether the user of the mobile device is an insured of an insurancepolicy whose associated information resides in the user and policyinformation repository. If not, then a determination is made in block342 whether the user of the mobile device is requesting anon-incident-related service. If not, then incident locationdetermination operations are ended in block 399. As an example, a userof a mobile device may have mistakenly called an insurer, erroneouslybelieving the insurer to be their insurance provider. Otherwise, thenon-incident-related service is performed in block 344 and then incidentlocation determination operations are ended in block 399. For example,an insured may have miss-keyed their response to a call routing systemand then were rerouted to the appropriate destination.

However, if it is determined in block 338 that the user of the mobiledevice is an insured, then a determination is made in block 340 whetherthe insured is involved in an incident. If not, then the processcontinues as before, proceeding with block 342. Otherwise, an incidentreport is generated in block 346 and then time and date stamped. Adetermination is then made in block 348 whether the mobile device hasgeographic positioning system (GPS) capabilities. If so, then adetermination is made in block 350 whether the mobile device canautomatically provide GPS information to the incident informationprocessing system. If so, then GPS information is automaticallyretrieved from the mobile device by the incident information processingsystem in block 378. The automatically retrieved GPS information is thenused by the incident information processing system in block 380 toprovide location information relating to the location of the mobiledevice, and by extension, the user of the mobile device. The providedlocation information is then associated in block 398 with the previouslygenerated incident report in the incident information and claimsrepository. Incident location determination operations are then ended inblock 399.

However, if it is determined in block 350 that the mobile device cannotautomatically provide GPS information, then a determination is made inblock 352 whether the user of the mobile device can manually provide GPSinformation to the incident information processing system. If so, thenGPS information is manually retrieved from the mobile device by the userand then provided to the incident information processing system in block374. The manually retrieved and provided GPS information is then used bythe incident information processing system in block 376 to providelocation information relating to the location of the mobile device, andby extension, the user of the mobile device. The provided locationinformation is then associated in block 398 with the previouslygenerated incident report in the incident information and claimsrepository. Incident location determination operations are then ended inblock 399.

However, if it is determined in block 348 that the mobile device doesnot have GPS capabilities, or in block 352 that GPS information cannotbe manually retrieved from the mobile device, then a determination ismade in block 354 whether the mobile device is communicating over acellular or Ethernet 802.11 (WiFi) network. If it is determined in block354 that the mobile device is communicating over a cellular network,then a determination is made in block 356 whether the network cell beingused by the mobile device can be identified. If so, then the networkcell the mobile device is using is identified in block 358. A look-upoperation is then performed in block 360 to cross-reference theidentifier of the network cell to a physical location. The coverage areaof the identified network cell is then determined in block 382 and thenused in block 384 to provide location information relating to thelocation of the mobile device, and by extension, the user of the mobiledevice. The provided location information is then associated in block398 with the previously generated incident report in the incidentinformation and claims repository. Incident location determinationoperations are then ended in block 399.

However, if it is determined in block 356 that the network cell thewireless device is using cannot be identified, then the mobile user isasked to provide a physical address, directions, or physical landmarksin block 372. The mobile user then provides a physical address,directions, or physical landmarks in block 386 which are used in block388 to provide location information relating to the location of themobile device, and by extension, the user of the mobile device. Theprovided location information is then associated in block 398 with thepreviously generated incident report in the incident information andclaims repository. Incident location determination operations are thenended in block 399.

However, if it is determined in block 354 that the mobile device iscommunicating over an Ethernet 802.11 (WiFi) network, then adetermination is made in block 362 whether the beacon feature of theWiFi access point being used by the mobile device is active. Those ofskill in the art will be familiar with WiFi beacons, which announcetheir presence, and corresponding wireless network availability, toWiFi-enabled devices. It has become common in recent years to populatethese WiFi beacons with supplemental information, such as address orlocation information. Since the effective range of a WiFi access pointtypically does not exceed 200 meters, such location information can beuseful when attempting to determine the location of a mobile device.Accordingly, if it is determined in block 362 that the beacon feature ofthe WiFi access point being used by the mobile device is active, then adetermination is then made in block 364 whether address or locationinformation is contained within the beacon. If so, then the address orlocation information contained within the beacon is captured in block394 and used in block 396 to provide location information relating tothe location of the mobile device, and by extension, the user of themobile device. The provided location information is then associated inblock 398 with the previously generated incident report in the incidentinformation and claims repository. Incident location determinationoperations are then ended in block 399.

However, if it is determined in block 362 that the beacon of the WiFiaccess point being used by the mobile device is not active, or in block364 that the beacon is active but not broadcasting location information,then the IP address of the WiFi access point is determined in block 368.A determination is then made in block 370 whether the IP address of theWiFi access point is cross-referenced to a physical location, such as ina network address table used for facilities management. If so, then alook-up operation is performed in block 390 to determine thecross-referenced physical location. The cross-referenced physicallocation is then used in block 392 to provide location informationrelating to the location of the mobile device, and by extension, theuser of the mobile device. The provided location information is thenassociated in block 398 with the previously generated incident report inthe incident information and claims repository. Incident locationdetermination operations are then ended in block 399.

However, if it is determined in block 370 that the IP address of theWiFi access point is not cross-referenced to a physical location, thenthen the mobile user is asked to provide a physical address, directions,or physical landmarks in block 372. The mobile user then provides aphysical address, directions, or physical landmarks in block 386 whichare used in block 388 to provide location information relating to thelocation of the mobile device, and by extension, the user of the mobiledevice. The provided location information is then associated in block398 with the previously generated incident report in the incidentinformation and claims repository. Incident location determinationoperations are then ended in block 399.

FIGS. 4a-c are a generalized flowchart of the operation of an incidentinformation processing system as implemented with a mobile device in anembodiment to provide a response to an incident. In this embodiment,incident response service operations are begun in block 402 followed bythe receipt of a communication from an insured user of a mobile deviceuser in block 406. The identity and location of the insured are thendetermined in block 406 as described in greater detail herein. Adetermination is then made in block 408 whether the insured isrequesting an incident response service. As used herein, an incidentresponse service is defined as any service, or combination of services,that are provided in response to the occurrence of an incident. As anexample, if an insured is involved in an automobile accident incident,then the insured may request the dispatch of an automobile wrecker as anincident response service. As another example, if the insured is out oftown, and their vehicle is a total loss as a result of the accident,they may request the dispatch of a rental vehicle, as well asreservations for local lodging. It will be apparent to those of skill inthe art that many such incident response services are available forprovision to an insured who is involved in an incident.

If it is determined in block 408 that the insured is not requesting anincident response service, then incident response service operations areended in block 456. Otherwise, the parameters of the request aredetermined in block 410. As an example, the insured may request thatonly a roll-off wrecker be dispatched to the scene of the automobileaccident, that a full-size rental vehicle be secured and likewise bedelivered to the scene, and that lodging accommodations with a king-sizebed be reserved. Accordingly, the insured's user and policy coverageinformation is retrieved from the user and insurance policy informationrepository in block 412. The corresponding coverage limits of theinsured's policy are then compared to the incident response serviceparameters determined in block 410.

A determination is then made in block 416 whether the coverage limits ofthe insured's policy cover the cost of the requested incident responseservices with their associated parameters. If so, then the insurer makesarrangements for the provision of the requested incident responseservices, and assumes responsibility for their provision, in block 424.An incident report is then updated with the provided incident responseservices, along with their associated costs, and then stored in anincident information and claims repository in block 446. A determinationis then made in block 448 whether to generate a claim against theinsured's policy. It will be appreciated that not all requested incidentresponse services will result in the generation of a claim against aninsured's policy. For example, the insured may request the dispatch ofemergency services if they have not been previously dispatched. Asanother example, the insured may request that lodging reservations bemade on their behalf, which will be paid for out of pocket by theinsured. If it is determined in block 448 to generate a claim againstthe insured's policy, then it is generated in block 450 and then storedin the incident information and claims repository in block 452. Adetermination is then made in block 454 whether another incidentresponse service request is to be processed. If so, the processcontinues, proceeding with block 408. Otherwise, incident responseservice request operations are ended in block 456.

However, if it is determined in block 418 that the coverage limits ofthe insured's policy do not cover the cost of the requested incidentresponse services with their associated parameters, then coverage gapsare determined and the insured is informed in block 418. A determinationis then made in block 420 whether the insured wishes to adjust theparameters of the requested incident response services. As an example,the insured's policy may cover the full cost of a compact rental car. Ifthe cost differential between a compact rental car and a full sizevehicle is more than the insured is willing pay out of pocket, they mayopt for the compact rental car. Accordingly, if it is determined inblock 420 to adjust the parameters of the requested incident responseservices, then they are adjusted in block 422 and the process continues,proceeding with block 416.

However, if it is determined in block 420 that the parameters of therequested incident response services are not to be adjusted, then adetermination is made in block 426 whether the insured commits to payingfor the coverage gaps. If so, then a determination is made in block 430whether financial account information associated with the insured in onfile. If so, then a determination is made in block 432 whether thefinancial account information is to be used to cover the cost of thecoverage gaps. If so, then the insurer makes arrangements for theprovision of the requested incident response service(s) and uses thefinancial account information that is on file to pay for the coveragegaps on behalf of the insured in block 434. A determination is then madein block 448 whether to generate a claim against the insured's policy.If it is determined in block 448 to generate a claim against theinsured's policy, then it is generated in block 450 and then stored inthe incident information and claims repository in block 452. Adetermination is then made in block 454 whether another incidentresponse service request is to be processed. If so, the processcontinues, proceeding with block 408. Otherwise, incident responseservice request operations are ended in block 456.

However, if it is determined in block 426 that the insured does notcommit to pay for the coverage gaps, then a determination is made inblock 428 whether the insured cancels their request for the responseservice(s). If so, then their request for the incident responseservice(s) are canceled in block 442. A determination is then made inblock 454 whether another incident response service request is to beprocessed. If so, the process continues, proceeding with block 408.Otherwise, incident response service request operations are ended inblock 456.

However, if it is determined in block 428 that the insured does notcancel their request, or in block 432 to not use financial accountinformation that is on file, then a determination is made in block 436whether the insured will provide alternative financial accountinformation to pay for the coverage gaps. As an example, the insured maywish to provide a credit card number and associated expiry informationto the insurer, who in turn uses the provided financial accountinformation on behalf of the insured to make arrangements for theprovision of incident response services. If it is determined in block436 that the insured will not provide alternative financial accountinformation to the insurer, then in block 444 the insurer makesarrangement for the provision of the requested incident responseservices and the insured assumes responsibility for making financialarrangements. A determination is then made in block 448 whether togenerate a claim against the insured's policy. If it is determined inblock 448 to generate a claim against the insured's policy, then it isgenerated in block 450 and then stored in the incident information andclaims repository in block 452. A determination is then made in block454 whether another incident response service request is to beprocessed. If so, the process continues, proceeding with block 408.Otherwise, Incident response service request operations are ended inblock 456.

However, if it is determined in block 436 that the insured will providealternative financial account information, then it is provided to theinsurer in block 438. The insurer then makes arrangement for theprovision of the requested incident response services and uses theprovided financial account information to pay for the coverage gaps onbehalf of the insured. A determination is then made in block 448 whetherto generate a claim against the insured's policy. If it is determined inblock 448 to generate a claim against the insured's policy, then it isgenerated in block 450 and then stored in the incident information andclaims repository in block 452. A determination is then made in block454 whether another incident response service request is to beprocessed. If so, the process continues, proceeding with block 408.Otherwise, incident response service request operations are ended inblock 456.

FIGS. 5a-b are a generalized flowchart of the operation of an incidentinformation processing system as implemented with a mobile device in anembodiment to collect incident information. In this embodiment, incidentinformation collection operations are begun in block 502, followed bythe receipt of a communication originated by an insured user of a mobiledevice in block 504. A determination is then made in block 506 whetherthe insured is providing incident information. If not, then incidentinformation collection operations are ended in block 544. Otherwise, theidentity of the insured is verified and their associated insurancepolicy information is retrieved in block 508 as described in greaterdetail herein. A determination is then made in block 510 whether anincident report has been previously generated. If so, then the incidentreport is retrieved from the user and incident information repositoryand opened in block 512.

However, if it is determined in block 510 that an incident report hasnot previously been generated, then a determination is made in block 514whether the insured is communicating from the scene of an incident. Ifnot, then an incident report is generated without any associatedincident location in block 516. However, if it is determined in block514 that the insured is communicating from the scene of an incident,then the location of the insured user of the mobile device is determinedin block 518 as described in greater detail herein. An incident reportis then generated in block 520 and automatically associated withincident location information relating to the location of the incident.

Once an incident report is retrieved and opened in block 512, orgenerated in blocks 516 or 520, a determination is made in block 522whether live or stored information will be provided by the mobiledevice. If it is determined in block 522 that the incident informationis stored on the mobile device, then it is transferred to the incidentinformation processing system in block 524.

In one embodiment, the stored incident information comprises locationinformation relating to the incident, which is determined as describedin greater detail herein. In another embodiment, the stored incidentinformation comprises image information relating to the incident. Invarious embodiments, the image information may comprise a graphic imageof the incident, a still image of the incident, a photographic image ofthe incident, or a video image of the incident. In another embodiment,the stored incident information comprises audio information relating tothe incident. In various embodiments, the audio information comprisesstatements from an insured, a claimant, a witness, or a responder to theincident. In one embodiment, the incident information is transferreddirectly from the mobile device to the incident information processingsystem as described in greater detail herein. In another embodiment, theincident information is transferred through an intermediate device. Asan example, video of the incident may be recorded by a digital videorecorder that lacks communications capabilities. The digital videorecorder is subsequently connected to a laptop computer through auniversal serial bus (USB) connection and the video of the incident istransferred from the video recorder, through the laptop computer, thenthrough a connection between the laptop computer and a WiFi network. Adetermination is then made in block 526 whether the transfer of storedincident information is complete. If not, the process continues,proceeding with block 524. Otherwise, the incident report is updatedwith the received incident information in block 540. A determination isthen made in block 542 whether to provide additional incidentinformation. If so, then the process continues, proceeding with block522. Otherwise, incident information collection operations are ended inblock 544.

However, if it is determined in block 522 that the incident informationis being provided live from a mobile, device, then a determination ismade in block 528 whether the live incident information is from aperson. If not, then the live incident information is transferred to theincident information processing system in block 530. For example, aninsured user of a mobile device may transfer live video from a cameraphone equipped with video transmission capabilities. In one embodiment,the live incident information comprises location information relating tothe incident, which is determined as described in greater detail herein.In another embodiment, the live incident information comprises imageinformation relating to the incident. In various embodiments, the imageinformation may comprise a graphic image of the incident, a still imageof the incident, a photographic image of the incident, or a video imageof the incident. A determination is then made in block 532 whether thetransfer of live incident information is complete. If not, then theprocess is continued, proceeding with block 530. Otherwise, the incidentreport is updated with the received incident information in block 540. Adetermination is then made in block 542 whether to provide additionalincident information. If so, then the process continues, proceeding withblock 522. Otherwise, incident information collection operations areended in block 544.

However, if it is determined in block 528 that the provider of liveincident information is a person, then the status of the person isdetermined and a dialog is established in block 534. In one embodiment,the live incident information comprises audio dialog informationrelating to the incident. In various embodiments, the audio dialoginformation comprises statements from a person whose status may be aninsured, a claimant, a witness, or a responder to the incident. A livedialog with the person is then conducted and captured by the incidentinformation processing system in block 536. A determination is then madein block 538 whether the dialog with the person is complete. If not,then the process is continued, proceeding with block 536. Otherwise, theincident report is updated with the received incident information inblock 540. A determination is then made in block 542 whether to provideadditional incident information. If so, then the process continues,proceeding with block 522. Otherwise, incident information collectionoperations are ended in block 544.

FIGS. 6a-d are generalized flowcharts of the operation of an incidentinformation processing system as implemented with a mobile device in anembodiment to collect statements. In this embodiment, incident statementcollection operations are begun in block 602, followed by the receipt ofa communication originated by an insured user of a mobile device inblock 604. A determination is then made in block 606 whether the insuredis providing incident information. If not, then incident informationcollection operations are ended in block 664. Otherwise, the identity ofthe insured is verified and their associated insurance policyinformation is retrieved in block 608 as described in greater detailherein. A determination is then made in block 610 whether an incidentreport has been previously generated. If so, then the incident report isretrieved from the user and incident information repository and openedin block 612.

However, if it is determined in block 610 that an incident report hasnot previously been generated, then a determination is made in block 614whether the insured is communicating from the scene of an incident. Ifnot, then an incident report is generated without any associatedincident location in block 616. However, if it is determined in block614 that the insured is communicating from the scene of an incident,then the location of the insured user of the mobile device is determinedin block 618 as described in greater detail herein. An incident reportis then generated in block 620 and automatically associated withincident location information relating to the location of the incident.

Once an incident report is retrieved and opened in block 612, orgenerated in blocks 616 or 620, a determination is made in block 622whether the insured or another party is providing the statementinformation. If it is determined in block 622 that the insured isproviding the statement information, then a first set of incidentquestions, based on existing incident information, is generated by theincident information processing system in block 624. The mobile deviceis then used to convey the first set of questions to the insured andreceive their responses in block 626. A determination is then made inblock 628 whether the insured has finished responding to the first setof questions. If not, the process continues, proceeding with block 626.Otherwise, the statement information resulting from the insured'sresponses to the first set of questions are associated with the incidentreport and stored in the incident information and claims repository inblock 660. A determination is then made in block 662 whether additionalstatement information is to be provided. If so, then the processcontinues, proceeding with block 622. Otherwise, incident statementcollection operations are ended in block 664.

However, if it is determined in block 622 that the incident statementinformation is to be provided by another party, then the status of theother party is determined in block 630. In various embodiments, thestatus of the other party providing the incident statement informationmay be an insured, a claimant, a witness, or a responder to theincident. The mobile device is then used to convey the first set ofquestions to the other party and receive their responses in block 632. Adetermination is then made in block 634 whether the other party hasfinished responding to the first set of questions. If not, the processcontinues, proceeding with block 632. Otherwise, a determination is madein block 636 whether to generate a second set of questions for the otherparty. If not, then the statement information resulting from the otherparty's responses to the first set of questions are associated with theincident report and stored in the incident information and claimsrepository in block 660. A determination is then made in block 662whether additional statement information is to be provided. If so, thenthe process continues, proceeding with block 622. Otherwise, incidentstatement collection operations are ended in block 664.

However, if it is determined in block 636 to generate a second set ofquestions for the other party, then a second set of questions, based onexisting incident information and the status of the other party, aregenerated in block 638. As an example, if the status of the other partyis a claimant, questions relating to the nature of the claim may begenerated. As another example, if the status of the other party is awitness, questions relating to their location prior to the occurrence ofthe incident may be generated. It will be appreciated that many suchquestions are possible based on the status of the other party. Themobile device is then used to convey the second set of questions to theother party and receive their responses in block 640. A determination isthen made in block 642 whether the other party has finished respondingto the second set of questions. If not, the process continues,proceeding with block 640. Otherwise, a determination is made in block644 whether to generate follow-on questions for the other party. If not,the statement information resulting from the other party's responses tothe first and second sets of questions are associated with the incidentreport and stored in the incident information and claims repository inblock 660. A determination is then made in block 662 whether additionalstatement information is to be provided. If so, then the processcontinues, proceeding with block 622. Otherwise, incident statementcollection operations are ended in block 664.

However, if it is determined in block 644 to generate follow-onquestions for the other party, then a third set of questions, based theinsured's responses to the first set of questions and the status of theother party, are generated in block 646. The mobile device is then usedto convey the third set of questions to the other party and receivetheir responses in block 648. A determination is then made in block 650whether the other party has finished responding to the third set ofquestions. If not, the process continues, proceeding with block 648.Otherwise, a determination is made in block 652 whether to generateadditional follow-on questions for the other party. If not, thestatement information resulting from the other party's responses to thefirst, second and third sets of questions are associated with theincident report and stored in the incident information and claimsrepository in block 660. A determination is then made in block 662whether additional statement information is to be provided. If so, thenthe process continues, proceeding with block 622. Otherwise, incidentstatement collection operations are ended in block 664.

However, if it is determined in block 652 to generate additionalfollow-on questions for the other party, then a fourth set of questions,based on the other party's responses to the first set of questions andthe status of the other party, is generated in block 654. The mobiledevice is then used to convey the fourth set of questions to the otherparty and receive their responses in block 656. A determination is thenmade in block 658 whether the other party has finished responding to thefourth set of questions. If not, the process continues, proceeding withblock 656. Otherwise, the statement information resulting from the otherparty's responses to the first, second, third, and fourth sets ofquestions are associated with the incident report and stored in theincident information and claims repository in block 660. A determinationis then made in block 662 whether additional statement information is tobe provided. If so, then the process continues, proceeding with block622. Otherwise, incident statement collection operations are ended inblock 664.

The flowchart and block diagrams in the figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods and computer program products according to variousembodiments of the disclosure. Accordingly, each block in the flowchartor block diagrams may represent a module, segment, or portion of code,which comprises one or more executable instructions for implementing thespecified logical function(s). In certain alternative implementations,the functions performed in a particular block may occur in an order thatis different than what is noted in the figures. For example, two blocksshown in succession may, in fact, be executed substantiallyconcurrently, or the blocks may sometimes be executed in the reverseorder, depending upon the functionality involved. It will also be notedthat each block of the block diagrams and/or flowchart illustrations,and combinations of blocks in the block diagrams and/or flowchartillustrations, can be implemented by special purpose hardware-basedsystems that perform the specified functions or acts, or combinations ofspecial purpose hardware and computer instructions.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the disclosure.As used herein, the singular forms “a,” “an” and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise. It will be further understood that the terms “comprises”and/or “comprising,” when used in this specification, specify thepresence of stated features, integers, steps, operations, elements,and/or components, but do not preclude the presence or addition of oneor more other features, integers, steps, operations, elements,components, and/or groups thereof. The term “embodiment” can be used todescribe any aspect, feature, process or step, any combination thereof,and/or any portion thereof, of the disclosure and should not beinterpreted as limiting the scope of the application or claims.

While the disclosure has been described by reference to particularembodiments, such references do not imply a limitation and no suchlimitation is to be inferred. As such, the disclosure includes any andall embodiments having equivalent elements, modifications, omissions,combinations (e.g., of aspects across various embodiments), adaptations,alterations, and equivalents in form and function. As will be furtherappreciated by those skilled in the pertinent arts, the disclosure has anumber of aspects and embodiments, and various embodiments may includeoverlapping features.

For example, the above-discussed embodiments may include softwaremodules that include script, batch, or other executable files for theperformance of certain tasks. These software modules may be stored on amachine-readable or computer-readable storage medium such as a diskdrive. Storage devices used for storing software modules in accordancewith various embodiments may include magnetic floppy disks, hard disks,or optical discs such as CD-ROMs or DVDs. A storage device used forstoring firmware or hardware modules in accordance with an embodimentmay also include a semiconductor-based memory, which may be permanently,removably or remotely coupled to a microprocessor/memory system. Thus,the software modules may be stored within a computer system memory toconfigure the computer system to perform the functions of the module.Other new and various types of computer-readable storage media may beused to store the modules discussed herein. Additionally, those skilledin the art will recognize that the separation of functionality intomodules is for illustrative purposes. Alternative embodiments may mergethe functionality of multiple modules into a single module or may imposean alternate decomposition of functionality of modules. For example, asoftware module for calling sub-modules may be decomposed so that eachsub-module performs its function and passes control directly to anothersub-module. In addition, each of the referenced components in thisembodiment may be comprised of a plurality of components, eachinteracting with the other in a distributed environment. Furthermore,other embodiments may expand on the referenced embodiment to extend thescale and reach of the system's implementation.

The description of the disclosure has been presented for purposes ofillustration and description, but is not intended to be exhaustive orlimited in the form disclosed. It will be apparent to those of skill inthe art that many modifications and variations are possible withoutdeparting from the scope and spirit of the disclosure, giving fullcognizance to equivalents in all respects.

What is claimed is:
 1. A system, comprising: a processor; and memorycoupled to the processor, the memory storing instructions that cause theprocessor executing the instructions to effectuate operationscomprising: receiving a wireless communication comprising a uniqueidentifier of a mobile device; retrieving user and policy informationbased on the unique identifier; confirming an identity of a user of themobile device based on the user and policy information; and generatingan incident report comprising a location of the mobile device andincident information, wherein the incident information is received via acommunication protocol and comprises: a video image relating to avehicle from the mobile device; if the communication protocol comprisescellular: identifying a network cell in communication with the mobiledevice, determining a location of the network cell, based on thelocation of the network cell, determining a coverage area of the networkcell, and associating the coverage area of the network cell with thelocation of the mobile device; and if the communication protocolcomprises Wi-Fi: determining a beacon of a Wi-Fi access point incommunication with the mobile device, based on the beacon, determining alocation of the Wi-Fi access point, based on the location of the Wi-Fiaccess point, determining a coverage area of the Wi-Fi access point, andassociating the coverage area of the Wi-Fi access point with thelocation of the mobile device; and determining that the incidentinformation is being received live from the mobile device; determiningthat a provider of the live incident information is the user; responsiveto determining that the incident information is being received live fromthe user, establishing a dialog with the user to update the incidentreport; receiving a request for an incident response service; and basedon the policy information, dispatching a rental vehicle to the locationof the mobile device in response to the request.
 2. The system of claim1, wherein the unique identifier is indexed to an identification of theuser.
 3. The system of claim 1, wherein the incident information furthercomprises location information from the mobile device from a globalpositioning system (GPS).
 4. The system of claim 1, the operationsfurther comprising causing the request for an incident response serviceto be sent.
 5. The system of claim 4, wherein the user comprises aninsured beneficiary of an insurance policy, the operations furthercomprising: determining, based on the user and policy information,financial liability of the user for provision of the incident responseservice.
 6. The system of claim 5, wherein the user and policyinformation comprises financial account information, and wherein thefinancial account information is used to generate a payment to settlethe financial liability.
 7. A method comprising: receiving a wirelesscommunication comprising a unique identifier of a mobile device;retrieving user and policy information based on the unique identifier;confirming an identity of a user of the mobile device based on the userand policy information; and generating an incident report comprising alocation of the mobile device and incident information, wherein theincident information is received via a communication protocol andcomprises a video image relating to a vehicle from the mobile device; ifthe communication protocol comprises cellular: identifying a networkcell in communication with the mobile device, determining a location ofthe network cell, based on the location of the network cell, determininga coverage area of the network cell, and associating the coverage areaof the network cell with the location of the mobile device; and if thecommunication protocol comprises Wi-Fi: determining a beacon of a Wi-Fiaccess point in communication with the mobile device, based on thebeacon, determining a location of the Wi-Fi access point, based on thelocation of the Wi-Fi access point, determining a coverage area of theWi-Fi access point, and associating the coverage area of the Wi-Fiaccess point with the location of the mobile device; and determiningthat the incident information is being received live from the mobiledevice; determining that the provider of the live incident informationis the user; responsive to determining that the incident information isbeing received live from the user, establishing a dialog with the userto update the incident report; receiving a request for an incidentresponse service; and based on the policy information, dispatching arental vehicle to the location of the mobile device in response to therequest.
 8. The method of claim 7, wherein the mobile device comprises aunique identifier is indexed to an identity of the user.
 9. The methodof claim 7, wherein the mobile device is operable to use a globalpositioning system (GPS) to provide location information to the system.10. The method of claim 7, further comprising causing the request forthe incident response service to be sent.
 11. The method of claim 10,wherein the user comprises an insured beneficiary of an insurancepolicy; and further comprising determining, based on the user and policyinformation financial liability of the user for provision of theincident response service.
 12. The method of claim 11, wherein the userand policy information comprises financial account information, andwherein the financial account information is used to generate a paymentto settle the financial liability.